• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1059-1068
• /
• 2022

A Post-Quantum Cryptographic algorithm NTRU, which is designed by considering the computational power of quantum computers, satisfies the mathematically security level. However, it should consider the characteristics of side-channel attacks such as power analysis attacks in hardware implementation. In this paper, we verify that the private key can be recovered by analyzing the power signal generated during the decryption process of NTRU. To recover the private keys, the Simple Power Analysis (SPA), Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) were all applicable. There is a shuffling technique as a basic countermeasure to counter such a power side-channel attack. Neverthe less, we propose a more effective method. The proposed method can prevent CPA and DDLA attacks by preventing leakage of power information for multiplication operations by only performing addition after accumulating each coefficient, rather than performing accumulation after multiplication for each index.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1045-1057
• /
• 2022

Recently, the National Institute of Standards and Technology (NIST) announced four cryptographic algorithms as a standard candidates of Post-Quantum Cryptography (PQC). In this paper, we show that private key can be exposed by a non-profiling-based power analysis attack such as Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) on CRYSTALS-KYBER algorithm, which is decided as a standard in the PKE/KEM field. As a result of experiments, it was successful in recovering the linear polynomial coefficient of the private key. Furthermore, the private key can be sufficiently recovered with a 13.0 Normalized Maximum Margin (NMM) value when Hamming Weight of intermediate values is used as a label in DDLA. In addition, these non-profiling attacks can be prevented by applying countermeasures that randomly divides the ciphertext during the decryption process and randomizes the starting point of the coefficient-wise multiplication operation.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.5
• /
• pp.14-21
• /
• 2020

In order to provide confidential services between two communicating parties, block data encryption using a symmetric secret key is applied. A power analysis attack on a cryptosystem is a side channel-analysis method that can extract a secret key by measuring the power consumption traces of the crypto device. In this paper, we propose an attack model that can recover the secret key using a power analysis attack based on a deep learning convolutional neural network (CNN) algorithm. Considering that the CNN algorithm is suitable for image analysis, we particularly adopt the recurrence plot (RP) signal processing method, which transforms the one-dimensional power trace into two-dimensional data. As a result of executing the proposed CNN attack model on an XMEGA128 experimental board that implemented the AES-128 encryption algorithm, we recovered the secret key with 22.23% accuracy using raw power consumption traces, and obtained 97.93% accuracy using power traces on which we applied the RP processing method.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.169-180
• /
• 2021

Since machine learning was invented, there have been many different machine learning-based algorithms, from shallow learning to deep learning models, that provide solutions to the classification tasks. But then it poses a problem in choosing a suitable classification algorithm that can improve the classification/detection efficiency for a certain network context. With that comes whether an algorithm provides good performance, why it works in some problems and not in others. In this paper, we present a data-centric analysis to provide a way for selecting a suitable classification algorithm. This data-centric approach is a new viewpoint in exploring relationships between classification performance and facts and figures of data sets.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.172-180
• /
• 2022

Crypto-mining malware (known as crypto-jacking) is a novel cyber-attack that exploits the victim's computing resources such as CPU and GPU to generate illegal cryptocurrency. The attacker get benefit from crypto-jacking by using someone else's mining hardware and their electricity power. This research focused on the possibility of detecting the potential crypto-mining malware in an environment by analyzing both static and dynamic approaches of deep learning. The Program Executable (PE) files were utilized with deep learning methods which are Long Short-Term Memory (LSTM). The finding revealed that LTSM outperformed both SVM and RF in static and dynamic approaches with percentage of 98% and 96%, respectively. Future studies will focus on detecting the malware using larger dataset to have more accurate and realistic results.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.17-22
• /
• 2021

The attack trend on end-users via mobile devices is increasing in both the danger level and the number of attacks. Especially, mobile devices using the Android operating system are being recognized as increasingly being exploited and attacked strongly. In addition, one of the recent attack methods on the Android operating system is to take advantage of Android Package Kit (APK) files. Therefore, the problem of early detecting and warning attacks on mobile devices using the Android operating system through the APK file is very necessary today. This paper proposes to use the method of analyzing abnormal behavior of APK files and use it as a basis to conclude about signs of malware attacking the Android operating system. In order to achieve this purpose, we propose 2 main tasks: i) analyzing and extracting abnormal behavior of APK files; ii) detecting malware in APK files based on behavior analysis techniques using machine learning or deep learning algorithms. The difference between our research and other related studies is that instead of focusing on analyzing and extracting typical features of APK files, we will try to analyze and enumerate all the features of the APK file as the basis for classifying malicious APK files and clean APK files.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.3
• /
• pp.1100-1118
• /
• 2021

In a wide range of ML applications, the training data contains privacy-sensitive information that should be kept secure. Training the ML systems by privacy-sensitive data makes the ML model inherent to the data. As the structure of the model has been fine-tuned by training data, the model can be abused for accessing the data by the estimation in a reverse process called model inversion attack (MIA). Although, MIA has been applied to shallow neural network models of recognizers in literature and its threat in privacy violation has been approved, in the case of a deep learning (DL) model, its efficiency was under question. It was due to the complexity of a DL model structure, big number of DL model parameters, the huge size of training data, big number of registered users to a DL model and thereof big number of class labels. This research work first analyses the possibility of MIA on a deep learning model of a recognition system, namely a face recognizer. Second, despite the conventional MIA under the white box scenario of having partial access to the users' non-sensitive information in addition to the model structure, the MIA is implemented on a deep face recognition system by just having the model structure and parameters but not any user information. In this aspect, it is under a semi-white box scenario or in other words a gray-box scenario. The experimental results in targeting five registered users of a CNN-based face recognition system approve the possibility of regeneration of users' face images even for a deep model by MIA under a gray box scenario. Although, for some images the evaluation recognition score is low and the generated images are not easily recognizable, but for some other images the score is high and facial features of the targeted identities are observable. The objective and subjective evaluations demonstrate that privacy cyber-attack by MIA on a deep recognition system not only is feasible but also is a serious threat with increasing alert state in the future as there is considerable potential for integration more advanced ML techniques to MIA.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.16 no.1
• /
• pp.67-78
• /
• 2020

Typical security solutions such as intrusion detection system are not suitable for detecting advanced persistent attack(APT), because they cannot draw the big picture from trivial events of security solutions. Researches on techniques for detecting multiple stage attacks by analyzing the correlations between security events or alerts are being actively conducted in academic field. However, these studies still use events from existing security system, and there is insufficient research on the structure of the entire security system suitable for advanced persistent attacks. In this paper, we propose an attack path and intention recognition system suitable for multiple stage attacks like advanced persistent attack detection. The proposed system defines the trace format and overall structure of the system that detects APT attacks based on the correlation and behavior analysis, and is designed with a structure of detection system using deep learning and big data technology, etc.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1127-1136
• /
• 2021

In the field of power analysis attacks, electrical noise and misalignment of the power consumption trace are the major factors that determine the success of the attack. Therefore, several studies have been conducted to overcome this problem, and one of them is a signal processing method based on wavelet transform. Up to now, discrete wavelet transform, which can compress the trace, has been mostly used for power side-channel power analysis because continuous wavelet transform techniques increase data size and analysis time, and there is no efficient scale selection method. In this paper, we propose an efficient scale selection method optimized for power analysis attacks. Furthermore, we show that the analysis performance can be greatly improved when using the proposed method. As a result of the CPA(Correlation Power Analysis) and DDLA(Differential Deep Learning Analysis) experiments, which are non-profiling attacks, we confirmed that the proposed method is effective for noise reduction and trace alignment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.491-501
• /
• 2019

In side-channel analysis, which exploit physical leakage from a cryptographic device, deep learning based attack has been significantly interested in recent years. However, most of the state-of-the-art methods have been focused on classifying side-channel information in a profiled scenario where attackers can obtain label of training data. In this paper, we propose a new method based on deep learning to improve non-profiling side-channel attack such as Differential Power Analysis and Correlation Power Analysis. The proposed method is a signal preprocessing technique that reduces the noise in a trace by modifying Auto-Encoder framework to the context of side-channel analysis. Previous work on Denoising Auto-Encoder was trained through randomly added noise by an attacker. In this paper, the proposed model trains Auto-Encoder through the noise from real data using the noise-reduced-label. Also, the proposed method permits to perform non-profiled attack by training only a single neural network. We validate the performance of the noise reduction of the proposed method on real traces collected from ChipWhisperer board. We demonstrate that the proposed method outperforms classic preprocessing methods such as Principal Component Analysis and Linear Discriminant Analysis.